Create & connect Synology L2TP IPSEC VPN for Mac

In this tutorial, IT Block walks you through setting up L2TP over IPSec VPN access to your Synology NAS server and connecting to it from your Mac.

L2TP over IPSec is a much more secure connection method, especially in comparison to PPTP.

Please note the prerequisites:

You need a static IP address for this to work. If you do not have one, a good workaround is to set up an account at no-ip.com. This lets you more affordably point your L2TP over IPSec connection request at a hosted domain name that follows the changes to your non-static IP, preserving the integrity of your remote connections. In all honesty, it is much less troublesome to get a static IP, but the much lower cost of using no-ip.com is also a significant factor to consider. It can also be helpful to have a router that is no-ip.com compatible.

Step 1: Launch VPN server application in Synology DSM

Run 'Package Center', search for 'VPN server' and install it. Once the installation is complete, run 'VPN server' and click on 'Overview' in the left-hand tab.
In Overview, you see all of the VPN server options available. Now let's focus on setting up your L2TP IPSEC VPN server.

Step 2: Set up and launch L2TP over IPSec VPN server in Synology DSM

To start, click on 'L2TP/IPSEC' in the left-hand column and click 'Enable L2TP/IPSEC VPN server' to initiate. You could keep the settings as they are, but for security reasons, you might want to change the Dynamic IP address to something less conventional. Changing it from '10.0.0~' to '10.22.0~' is much more secure; the idea is to stay away from default settings. You are required to set a pre-shared key, and we recommend using a mix of alphanumerics, symbols and capital letters, since this key is shared by everyone who connects to your Synology VPN server.
You can leave the rest of the settings as they are, but make sure the authentication is set to 'MS-CHAP v2'. You can also improve security by limiting the maximum number of connections with the same user account.
Click 'Apply'. You have now successfully launched an L2TP over IPSec VPN server on your Synology NAS! Do take note of the port numbers your Synology NAS has indicated you keep open, which are 1701, 4500 and 500. Now let's show you how to connect to your VPN with your macOS computer.
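
Before moving on to the Mac, here is one way to produce the pre-shared key from Step 2 in the macOS Terminal and check that it mixes the character classes recommended above. This is an added example, not part of IT Block's original tutorial; the function names, the symbol set and the 24-character minimum are assumptions, not Synology requirements.

```shell
#!/bin/sh
# Added example: generate and sanity-check an IPsec pre-shared key (PSK).
# Assumptions (not Synology or IT Block requirements): the symbol set in
# PSK_CHARS, the 24-character minimum and the 32-character default length.

PSK_CHARS='A-Za-z0-9!@#%^*_+=-'

# psk_ok KEY [MINLEN]
# Succeeds only if KEY is at least MINLEN characters long and contains a
# lower-case letter, a capital letter, a digit and a symbol.
psk_ok() {
    key=$1
    min=${2:-24}
    [ "${#key}" -ge "$min" ] || return 1
    case $key in *[[:lower:]]*) ;; *) return 1 ;; esac
    case $key in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $key in *[[:digit:]]*) ;; *) return 1 ;; esac
    case $key in *[![:alnum:]]*) ;; *) return 1 ;; esac
    return 0
}

# gen_psk [LEN]
# Reads random bytes from the kernel CSPRNG, keeps only characters listed
# in PSK_CHARS, trims to LEN, and retries until psk_ok accepts the result
# (a purely random draw can occasionally miss one character class).
gen_psk() {
    len=${1:-32}
    while :; do
        cand=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc "$PSK_CHARS")
        cand=$(printf "%.${len}s" "$cand")
        if psk_ok "$cand" "$len"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
}
```

Source the file and run `gen_psk 32`, then paste the result into the pre-shared key field in DSM and later into 'Shared Secret' on the Mac. `psk_ok 'your-key'` can be used to check a key you wrote yourself.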

In macOS, go to System Preferences > Network. You should see a list of Wi-Fi, maybe some Ethernet and Bluetooth connections too. Click on the '+' (plus sign) in the bottom-left corner of the 'Network' window. Choose 'VPN' as your interface and 'L2TP over IPSec' as your VPN Type, give your VPN service whatever name you want and click 'Create'.

Once you have successfully created your new VPN profile in your 'Network' window, you can see a new Network profile on the left-hand side of your window under Wifi and Ethernet.

Click on the VPN profile to reveal the configuration settings of your L2TP over IPsec connection. Input the server address, which is either your static IP address or the no-ip.com hosted DNS domain that points to your dynamic IP. Input the account name you use to access your Synology NAS, then click on 'Authentication Settings'.

A small window pops up above your 'Network' window and allows you to input your password. More importantly, input the pre-shared key you set earlier into 'Shared Secret' under 'Machine Authentication'.
Now click 'Ok' to close the window and finish off the configuration by clicking 'Apply'.
Run a test in your 'Network' window to ensure your VPN connection is working by highlighting the VPN profile and clicking 'Connect'. If all is working as it should, the status indicates 'Connected'.

If the connection is not successful, make sure you have opened UDP ports 1701, 4500 and 500 on the router attached locally to your Synology NAS. If your router supports UPnP (Universal Plug and Play), you might be able to set up the port forwarding through your Synology DSM. And if you are using a domain (by noip) and not a static IP, it would be useful to ensure that ports 80 and 8080 are open too. This allows you to quickly troubleshoot remotely and check if your domain is working correctly.

Thank you so much for reading 'Create & connect Synology L2TP IPSEC VPN for Mac' by IT Block. IT Block is a local IT support services provider based in Singapore and we enjoy sharing our IT expertise with the world.